LINUX下ARP病毒

zhancang@ubuntu:~$ sudo apt-get install ettercap

去http://ettercap.sourceforge.net下载。
zhancang@ubuntu:~$ tar -xf ettercap-0.6.tar.gz
zhancang@ubuntu:~$ cd ettercap-0.6
zhancang@ubuntu:~$ ./configure
zhancang@ubuntu:~$ make
zhancang@ubuntu:~$ make install（要用root权限）

zhancang@ubuntu:~$ ettercap --help 字串6

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA


Usage: ettercap [OPTIONS] [TARGET1] [TARGET2]

TARGET is in the format MAC/IPs/PORTs (see the man for further detail)

Sniffing and Attack options:
  -M, --mitm <METHOD:ARGS>    perform a mitm attack
  -o, --only-mitm             don't sniff, only perform the mitm attack
  -B, --bridge <IFACE>        use bridged sniff (needs 2 ifaces)
  -p, --nopromisc             do not put the iface in promisc mode
  -u, --unoffensive           do not forward packets
  -r, --read <file>           read data from pcapfile <file>
  -f, --pcapfilter <string>   set the pcap filter <string> 字串8
  -R, --reversed              use reversed TARGET matching
  -t, --proto <proto>         sniff only this proto (default is all)

User Interface Type:
  -T, --text                  use text only GUI
       -q, --quiet                 do not display packet contents
       -s, --script <CMD>          issue these commands to the GUI
  -C, --curses                use curses GUI
  -G, --gtk                   use GTK+ GUI
  -D, --daemon                daemonize ettercap (no GUI)

Logging options:
  -w, --write <file>          write sniffed data to pcapfile <file>
  -L, --log <logfile>         log all the traffic to this <logfile>
  -l, --log-info <logfile>    log only passive infos to this <logfile>
  -m, --log-msg <logfile>     log all the messages to this <logfile>
  -c, --compress              use gzip compression on log files

Visualization options:
  -d, --dns                   resolves ip addresses into hostnames
  -V, --visual <format>       set the visualization format
  -e, --regex <regex>         visualize only packets matching this regex
  -E, --ext-headers           print extended header for every pck
  -Q, --superquiet            do not display user and password

General options:
  -i, --iface <iface>         use this network interface
  -I, --iflist                show all the network interfaces
  -n, --netmask <netmask>     force this <netmask> on iface
  -P, --plugin <plugin>       launch this <plugin>
  -F, --filter <file>         load the filter <file> (content filter)
  -z, --silent                do not perform the initial ARP scan
  -j, --load-hosts <file>     load the hosts list from <file> 字串1
  -k, --save-hosts <file>     save the hosts list to <file>
  -W, --wep-key <wkey>        use this wep key to decrypt wifi packets
  -a, --config <config>       use the alterative config file <config>

Standard options:
  -U, --update                updates the databases from ettercap website
  -v, --version               prints the version and exit
  -h, --help                  this help screen


zhancang@ubuntu:~$

zhancang@ubuntu:~$ man ettercap

字串2

或者
zhancang@ubuntu:~$ info ettercap